DHS issues warning that Anonymous may attack infrastructure
Bulletin says hacker collective could soon be capable of heavily damaging industrial control systems
Computerworld - The U.S. government is keeping a wary eye on what it says is hacking collective Anonymous' growing interest in attacking critical infrastructure targets.
A DHS bulletin posted this week assesses the ability of the collective to inflict damage on industrial control systems that manage equipment at power plants, water treatment facilities, chemical plants and other potential targets.
The report downplays the near-term threat posed by Anonymous to such targets, but adds that experienced and skilled members of the group could "develop capabilities to gain access and trespass on control system networks very quickly."
The report says that Anonymous recently called on members to target energy companies. DHS said the call is likely to attract both members of the collective and the broader activist hacking community.
"Asset owners and operators of critical infrastructure control systems are encouraged to engage in addressing the security needs of their control system assets," the DHS said.
The bulletin was posted on Monday on publicintelligence.net, which describes itself as "an international, collaborative research project aimed at aggregating the collective work of independent researchers around the globe who wish to defend the public's right to access information."
The DHS National Cybersecurity and Communications Integration Center (NCCIC) bulletin is not classified, but is marked for official use only. It is addressed broadly to stakeholders within the cybersecurity and critical infrastructure communities.
In the report, the DHS cites several recent actions that point toward a growing interest by Anonymous in industrial control systems.
In July, it notes, Anonymous members released a report spelling out the collective's concerns about global warming and called for protests against the Alberta Tar Sands project in Montana.
The Anonymous report aimed to draw attention to what the group claimed was "boundless greed" of several energy and financial services companies.
In July, a known member of Anonymous also publicly claimed to have accessed multiple control systems.
"The posted xml and html code reveals that the individual understands the content of the code in relation to common hacking techniques to obtain elevated privileges," the DHS said. "It does not indicate knowledge of ICS; rather, it indicates that the individual has interest in the application software used in control systems."
The Anonymous post included administrative code used to create password dump files for a human-machine interface system from Siemens, and so-called "foundation code" that is used in server communication with programmable logic controllers, industrial controllers and remote terminal units, the DHS bulletin said.
The publicly posted code "indicates that the individual was able to recognize and post the portions of code that would ensure others knowledgeable in control systems would take notice," the DHS said.
The report notes that Anonymous has the ability to disrupt some systems within the critical infrastructure -- such as Windows systems and Web applications -- by using "rudimentary attack methods" such as denial of service attacks.
"Anonymous' increased interest may indicate intent to develop an offensive ICS capability in the future," it said.
The DHS assessment comes amid increasing concern about vulnerabilities in U.S. critical infrastructure. Last year's Stuxnet worm in particular drew massive attention to the possibility that cyberattacks could disrupt or take down critical infrastructure targets.
The DHS in recent months issued several similar alerts about the activities of Anonymous, which indicates that the loosely affiliated collection of so-called hacktivists is seen as a serious threat.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.